[Techtalk] Re: [Courses] New to this list, so, hi!

Wed Aug 27 06:24:48 EST 2003

--- Elwing <elwing at elwing.org> wrote:
> I suggest blocking ports 6000-6063 (there are a
> possible 64 displays that
> X can use)  port 6000 is :0.0 port 6001 is :1.0,
> etc...
> 
> another possibility is to make sure that you *NEVER*
> *EVER* do xhost +  by
> itself.  do xhost +IP instead
> 
> There's a nifty tool called xscan and xwin that will
> keystroke log
> (xscan), and grab a screenshot (xwin) remotely over
> ports 6000-6063.
> Great for getting root passwords.
> 
> The other option is to use the "secure keyboard"
> option in xterm (not
> available in konsole and gnome's terminal that I'm
> aware of). It's in one
> of the menus when you hold ctrl or shift or alt and
> click on the xterm -
> don't have xterm here or I'd tell you exactly which
> one.
> 
> Laura
Hi laura, in reply to another reply, *sigh* this is
confusing, i ran 'nmap -sT Mirrus'

tarting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1550 ports scanned but not shown below are in
state: closed)
Port       State       Service
22/tcp     open        ssh
37/tcp     open        time
111/tcp    open        sunrpc
113/tcp    open        auth
515/tcp    open        printer
6000/tcp   open        X11

Nmap run completed -- 1 IP address (1 host up) scanned
in 0 seconds

*but* i ran a port scan at another site, port's
6000-6255, came back "stealth" like closed but better!
Is it really needed to shut down access to these
port's in this case, i have a firewall in place,
blocking all remote, accepting all connection's from
my box. 
Joe. :)  
P.S. if you think i'm being a little *over* safe, i
like it that way!

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com